Multi Factor Authentication Providers

SecureMFA ADFS OTP Provider

OTP authentication for Microsoft ADFS. It is a module for Microsoft ADFS 2019 or ADFS 2016 servers. It enables ADFS servers to provide multi-factor authentication (MFA) using the Time-Based One-Time Password (TOTP) algorithm, which is based on RFC 6238. With this MFA provider, users are required to enter a one-time passcode, generated on their phones by an authenticator application such as Microsoft Authenticator, Google Authenticator, Symantec VIP etc., to complete the second-factor authentication logon.

Product details and information on how to deploy the latest SecureMFA Time-Based One-Time Passcode provider for ADFS

Features

  • OTP passcodes for unlimited user accounts.

  • OTP user accounts deactivation

  • OTP data storage in MS SQL service

  • Self-registration with QR code (using free Microsoft Authenticator, Google Authenticator, Symantec VIP etc. mobile apps)

  • Logs in Windows Applications Log

  • ADFS 2016 and ADFS 2019 support

  • Support of ADFS CSS themes

  • OTP data storage in MS Active Directory attributes or MS SQL Service

  • OTP account lockout feature.

  • OTP validity length can be customised

  • QR secrets encryption with AES 256-bit encryption.

  • Configuration of network locations from which users can scan the QR code.

  • Offline QR code generator (Integrated into adapter)

  • QR code customizations. (Advanced configuration)

  • User interface customizations

  • Free version notes are removed

  • Support of ADDS multi-forests trust relationships

Requirements

    • Solution must be deployed on each of the ADFS servers (not on Proxy Servers).

    • Requires MS Framework 4.6.1 or later.

SecureMFA ADFS API OTP Provider

OTP authentication for Microsoft Active Directory Federation Service (ADFS). It enables ADFS servers to provide multi-factor authentication (MFA) using the Time-Based One-Time Password (TOTP) algorithm, which is based on RFC 6238. With this MFA provider, users are required to enter a one-time passcode to complete the second-factor authentication logon process. The OTP code is delivered via a 3rd party provider’s API Gateway endpoint using HTTP POST. Managed API Gateway services are provided by vendors like Amazon (AWS SNS), Microsoft (Azure API Management) etc.

Product details and information on how to deploy the latest SecureMFA API OTP Provider for ADFS

Features

  • OTP passcodes for unlimited user accounts

  • OTP codes delivery via 3rd party provider’s API endpoint (Message delivery with: SMS, E-MAIL, Phone etc.)

  • OTP user accounts deactivation

  • Logs in Windows Applications Log

  • ADFS 2016 and ADFS 2019 support

  • Proxy configuration

  • Support of ADFS CSS themes

  • OTP data storage in MS SQL service

  • OTP data storage in MS Active Directory attributes

  • OTP account lockout

  • Send API parameters in a message body

  • Customization of POST data values sent to the API endpoint

  • Authentication against API endpoint

  • QR code encryption with AES 256-bit encryption

  • User interface customizations

  • Free version notes are removed

  • Support of ADDS multi-forests trust relationships

Requirements

    • Solution must be deployed on each of the ADFS servers (not on Proxy Servers).

    • Requires MS Framework 4.6.1 or later.

SecureMFA ADFS Email OTP Provider

OTP authentication for Microsoft Active Directory Federation Service (ADFS). It enables ADFS servers to provide multi-factor authentication (MFA) using the Time-Based One-Time Password (TOTP) algorithm, which is based on RFC 6238. With this MFA provider, users are required to enter a one-time passcode to complete the second-factor authentication logon process. The OTP code is delivered using an SMTP service.

Product details and information on how to deploy the latest SecureMFA Email Time-Based OTP Provider for ADFS

Features

  • Multi-language UI: English, Spanish, French, German, Chinese, Portuguese, Russian, Italian, Arabic, Turkish, Dutch, Finnish, Swedish, Norwegian, Polish, Danish and Lithuanian.

  • OTP passcodes for unlimited user accounts

  • OTP codes delivery using SMTP service

  • OTP user accounts deactivation

  • OTP data storage in MS SQL service

  • Logs in Windows Applications Log

  • ADFS 2016 and ADFS 2019 support

  • Support of ADFS CSS themes

  • OTP data storage in MS Active Directory attributes or MS SQL Service

  • OTP account lockout

  • OTP validity length can be customised

  • SSL and user authentication support for SMTP service

  • Secrets encryption with AES 256-bit encryption

  • Domain restrictions to receive OTP codes

  • User interface customizations

  • Free version notes are removed

Requirements

    • Solution must be deployed on each of your ADFS servers (not on Proxy Servers).

    • Requires MS Framework 4.6.1 or later.

SecureMFA RD Gateway OTP Provider

RD Gateway MFA provider. It is an OTP authentication module for Microsoft Remote Desktop Gateway servers (Windows 2019 / 2016) that provides multi-factor authentication for RDS Farms and Remote Desktop Service access using the Time-Based One-Time Password (TOTP) algorithm. TOTP algorithm details can be found in RFC 6238. With this MFA provider, users are required to enter a one-time passcode, generated on their phones by an authenticator application such as Microsoft Authenticator, Google Authenticator, Symantec VIP etc., to complete the second-factor authentication logon. This module fully replaces native RD Gateway Client Authentication Policies (CAP) with OTP codes and fully integrates with native RD Gateway Resource Authorization Policies (RAP) for access and control management. More details on how the RD Gateway API works can be found in the MSDN article.

Product details and information on how to deploy the latest SecureMFA RD Gateway OTP Authentication Provider for Microsoft RD Gateway Service

Features

    • OTP passcodes for unlimited user accounts

    • OTP account lockout

    • QR code secrets decryption with AES 256-bit encryption

    • OTP data storage in MS SQL service

    • OTP user accounts deactivation

    • Integrates with native Microsoft RD Gateway resource authorization policies (RAP)

    • Logs in Windows Applications Log

    • Supported on Windows 2016 or 2019 servers

    • Web portal for initiating an RDP connection from a web browser

Requirements

    • Solution must be deployed on a working RD Gateway server.

    • Requires MS Framework 4.6.1 or later.

Limitations

    • You cannot configure an RD Gateway server to simultaneously use both native authentication and SecureMFA RD Gateway OTP authentication provider.

SecureMFA MS Windows OTP Provider

SecureMFA WIN Authentication Provider wraps TOTP authentication onto a native Windows authentication provider. This makes it possible to require users to enter a one-time passcode, generated on their phones by an authenticator application such as Microsoft Authenticator, Google Authenticator, Symantec VIP etc., as second-factor authentication in addition to their password. The Windows MFA provider works with standalone and domain-joined workstations or servers. It is developed using the Windows authentication plug-in architecture.

Product details and information on how to deploy the latest SecureMFA WIN OTP Authentication Provider for Windows

Features

    • TOTP code validation for unlimited user accounts

    • TOTP API message decryption with custom AES 256-bit encryption key.

    • Header authentication against API endpoint.

    • API response message protection against replay or tampering.

    • TOTP Offline authentication.

    • TOTP account lockout feature.

Requirements

    • SecureMFA WIN Authentication Provider supports Windows x64 platforms only.

    • Minimum server OS version must be Windows 2016

    • Minimum client OS version must be Windows 10

Self-service password reset portal (SSPR with MFA)

The self-service password reset portal allows users to reset, change and unlock Active Directory accounts. The portal enforces multi-factor authentication to verify a user’s identity. Users are required to enter a one-time passcode, generated on their phones by an authenticator application such as Microsoft Authenticator, Google Authenticator, Symantec VIP etc. Second-factor authentication will be the user’s password challenge or an authorization token received via email. The portal supports role-based access controls (RBAC) and multiple domain profiles.

Product details and information on how to deploy the latest SecureMFA SSPR Portal

Features

Unlicensed version

  • Password unlock/change/reset for unlimited Active Directory user accounts.

  • Active Directory access via integrated authentication or LDAP.

  • Multiple LDAP servers for resilient configuration.

  • Multiple profiles to access unlimited domains.

  • Password Change/Reset honors Active Directory password history and complexity policies.

  • Role-based access to unlock/change/reset workflows.

  • Multi-factor authentication.

  • TOTP authentication is used for first factor authentication.

  • OTP account deactivation.

  • OTP account lockout feature.

  • OTP data storage in MS Active Directory attributes or MS SQL Service.

  • OTP account secrets encryption with AES 256-bit encryption.

  • Active Directory user password challenge for second factor authentication.

  • Email Authorization code for password reset workflow.

  • Unlimited email authorization codes.

  • Email authorization codes validity length customization.

  • Configuration of a whitelist of domains that can receive the authorization code.

  • Configuration of subnets from which unlock/change/reset workflows can be executed.

  • Logs in Windows Applications Log.

  • Allows UI branding using a CSS theme and logo image.

  • API interface.

Requirements

  • IIS 10 or above.

  • OS with Windows x64 architecture.

  • ASP.NET Core 3.1 Runtime (minimum v3.1.10).